Cryptocurrency boom and mining attacks went hand in hand in Q4’17

In sync with the raging popularity and price of Bitcoin in the last few months of 2017, cyber-security firm McAfee registered a record surge in cryptocurrency mining attacks.

In its latest McAfee Labs Threats Report: March 2018, the cyber-security firm reveals on average eight new threat samples per second, and the increasing use of fileless malware attacks leveraging Microsoft PowerShell. The Q4 spike in Bitcoin value prompted cybercriminals to focus on cryptocurrency hijacking through a variety of methods, including malicious Android apps.

“The fourth quarter was defined by rapid cybercriminal adoption of newer tools and schemes — fileless malware, cryptocurrency mining, and steganography. Even tried-and-true tactics, such as ransomware campaigns, were leveraged beyond their usual means to create smoke and mirrors to distract defenders from actual attacks,” said Raj Samani, McAfee fellow and chief scientist, in a statement.

“Collaboration and liberalized information-sharing to improve attack defenses remain critically important as defenders work to combat escalating asymmetrical cyber warfare,” he added.

The spike in the value of Bitcoin in the last quarter of 2017 prompted an expansion from traditional moneymakers like ransomware into hijacking Bitcoin and Monero wallets. McAfee researchers discovered Android apps developed exclusively for the purpose of cryptocurrency mining and observed discussions in underground forums suggesting Litecoin as a safer model than Bitcoin, with less chance of exposure.

Cybercriminals also continued to adopt fileless malware leveraging Microsoft PowerShell, which surged 432 percent over the course of 2017, as the threat category became a go-to toolbox. The scripting language was used within Microsoft Office files to execute the first stage of attacks.

“By going digital, along with so many other things in our world, crime has become easier to execute, less risky, and more lucrative than ever before,” said Steve Grobman, CTO, McAfee, in a statement.

McAfee report also looked at attack vectors. In Q4 and 2017 overall, malware led disclosed attack vectors, followed by account hijacking, leaks, distributed denial of service, and code injection.

The fourth quarter fortunately saw notable industry and law enforcement successes against criminals responsible for ransomware campaigns. The firm counted 222 publicly disclosed security incidents in Q4, a decrease of 15 percent from Q3. 30 percent of all publicly disclosed security incidents in Q4 took place in the Americas, followed by 14 percent in Europe and 11 percent in Asia.